LightVader (2/12/2016)
Tony++ (2/12/2016)
Is the implication that being on an unsupported platform is out of compliance? Is that written fact by a government or standards body, or a common interpretation by auditors?That I'm not sure about. In the past my company had a contract with another company that specified that we can't run any of their processes on unsupported software. I think Steve was talking about PCI and HIPAA regulations, which I don't have to deal with.
PCI requirements tend to focus more on how the data is stored, accessed and transmitted not so much the specific technology. A credit card number encrypted with the proper level of encryption is equally secure regardless of what medium it's stored in.